having knowingly accessed a computer without
authorization or exceeding authorized access, and by means of such conduct
having obtained information that has been determined by the United States
Government pursuant to an Executive order or statute to require protection
against unauthorized disclosure for reasons of national defense or foreign
relations, or any restricted data, as defined in paragraph y. of section
11 of the Atomic Energy Act of 1954, with reason to believe that such
information so obtained could be used to the injury of the United States,
or to the advantage of any foreign nation willfully communicates,
delivers, transmits, or causes to be communicated, delivered, or
transmitted, or attempts to communicate, deliver, transmit or cause to be
communicated, delivered, or transmitted the same to any person not
entitled to receive it, or willfully retains the same and fails to deliver
it to the officer or employee of the United States entitled to receive it;

information contained in a financial record of a
financial institution, or of a card issuer as defined in section 1602(n) of
title 15,
or contained in a file of a consumer reporting agency on a consumer, as
such terms are defined in the Fair Credit Reporting Act (15 U.S.C. 1681 et seq.);

intentionally, without authorization to access any
nonpublic computer of a department or agency of the United States,
accesses such a computer of that department or agency that is exclusively
for the use of the Government of the United States or, in the case of a
computer not exclusively for such use, is used by or for the Government of
the United States and such conduct affects that use by or for the
Government of the United States;

knowingly and with intent to defraud, accesses a
protected computer without authorization, or exceeds authorized access,
and by means of such conduct furthers the intended fraud and obtains
anything of value, unless the object of the fraud and the thing obtained
consists only of the use of the computer and the value of such use is not
more than $5,000 in any 1-year period;

loss to 1 or more persons during any 1-year period
(and, for purposes of an investigation, prosecution, or other proceeding
brought by the United States only, loss resulting from a related course of
conduct affecting 1 or more other protected computers) aggregating at
least $5,000 in value;

a fine under this title or imprisonment for not more
than ten years, or both, in the case of an offense under subsection (a)(1)
of this section which does not occur after a conviction for another
offense under this section, or an attempt to commit an offense punishable
under this subparagraph; and

a fine under this title or imprisonment for not more
than twenty years, or both, in the case of an offense under subsection
(a)(1) of this section which occurs after a conviction for another offense
under this section, or an attempt to commit an offense punishable under
this subparagraph;

except as provided in subparagraph (B), a fine under
this title or imprisonment for not more than one year, or both, in the
case of an offense under subsection (a)(2), (a)(3), (a)(5)(A)(iii), or
(a)(6) of this section which does not occur after a conviction for another
offense under this section, or an attempt to commit an offense punishable
under this subparagraph;

a fine under this title or imprisonment for not more
than 5 years, or both, in the case of an offense under subsection (a)(2),
or an attempt to commit an offense punishable under this subparagraph, if
-

a fine under this title or imprisonment for not more
than ten years, or both, in the case of an offense under subsection
(a)(2), (a)(3) or (a)(6) of this section which occurs after a conviction
for another offense under this section, or an attempt to commit an offense
punishable under this subparagraph;

a fine under this title or imprisonment for not more
than five years, or both, in the case of an offense under subsection
(a)(4) or (a)(7) of this section which does not occur after a conviction
for another offense under this section, or an attempt to commit an offense
punishable under this subparagraph; and

a fine under this title or imprisonment for not more
than ten years, or both, in the case of an offense under subsection (a)(4)
[3] (a)(5)(A)(iii), or (a)(7) of this section
which occurs after a conviction for another offense under this section, or
an attempt to commit an offense punishable under this subparagraph; and

a fine under this title, imprisonment for not more
than 20 years, or both, in the case of an offense under subsection
(a)(5)(A)(i) or (a)(5)(A)(ii), or an attempt to commit an offense
punishable under either subsection, that occurs after a conviction for
another offense under this section.

The Federal Bureau of Investigation shall have
primary authority to investigate offenses under subsection (a)(1) for any
cases involving espionage, foreign counterintelligence, information
protected against unauthorized disclosure for reasons of national defense
or foreign relations, or Restricted Data (as that term is defined in
section 11y of the Atomic Energy Act of 1954 (42 U.S.C. 2014(y)),
except for offenses affecting the duties of the United States Secret
Service pursuant to section 3056(a) of this
title.

the term ''computer'' means an electronic, magnetic,
optical, electrochemical, or other high speed data processing device
performing logical, arithmetic, or storage functions, and includes any
data storage facility or communications facility directly related to or
operating in conjunction with such device, but such term does not include
an automated typewriter or typesetter, a portable hand held calculator, or
other similar device;

exclusively for the use of a financial institution or
the United States Government, or, in the case of a computer not
exclusively for such use, used by or for a financial institution or the
United States Government and the conduct constituting the offense affects
that use by or for the financial institution or the Government; or

which is used in interstate or foreign commerce or
communication, including a computer located outside the United States that
is used in a manner that affects interstate or foreign commerce or
communication of the United States;

the term ''exceeds authorized access'' means to
access a computer with authorization and to use such access to obtain or
alter information in the computer that the accesser is not entitled so to
obtain or alter;

the term ''government entity'' includes the
Government of the United States, any State or political subdivision of the
United States, any foreign country, and any state, province, municipality,
or other political subdivision of a foreign country;

the term ''conviction'' shall include a conviction
under the law of any State for a crime punishable by imprisonment for more
than 1 year, an element of which is unauthorized access, or exceeding
authorized access, to a computer;

the term ''loss'' means any reasonable cost to any
victim, including the cost of responding to an offense, conducting a
damage assessment, and restoring the data, program, system, or information
to its condition prior to the offense, and any revenue lost, cost
incurred, or other consequential damages incurred because of interruption
of service; and

This section does not prohibit any lawfully
authorized investigative, protective, or intelligence activity of a law
enforcement agency of the United States, a State, or a political
subdivision of a State, or of an intelligence agency of the United States.

Any person who suffers damage or loss by reason of a
violation of this section may maintain a civil action against the violator
to obtain compensatory damages and injunctive relief or other equitable
relief. A civil action for a violation of this section may be brought only
if the conduct involves 1 of the factors set forth in clause (i), (ii),
(iii), (iv), or (v) of subsection (a)(5)(B). Damages for a violation
involving only conduct described in subsection (a)(5)(B)(i) are limited to
economic damages. No action may be brought under this subsection unless
such action is begun within 2 years of the date of the act complained of
or the date of the discovery of the damage. No action may be brought under
this subsection for the negligent design or manufacture of computer
hardware, computer software, or firmware.

The Attorney General and the Secretary of the
Treasury shall report to the Congress annually, during the first 3 years
following the date of the enactment of this subsection, concerning
investigations and prosecutions under subsection (a)(5)